La Trobe
1186697_Zhao,Y_2021.pdf (2.78 MB)
Download file

User-Level Membership Inference for Federated Learning in Wireless Network Environment

Download (2.78 MB)
journal contribution
posted on 18.11.2021, 06:14 authored by Y Zhao, J Chen, J Zhang, Z Yang, Huawei TuHuawei Tu, H Han, K Zhu, B Chen
With the rise of privacy concerns in traditional centralized machine learning services, federated learning, which incorporates multiple participants to train a global model across their localized training data, has lately received significant attention in both industry and academia. Bringing federated learning into a wireless network scenario is a great move. The combination of them inspires tremendous power and spawns a number of promising applications. Recent researches reveal the inherent vulnerabilities of the various learning modes for the membership inference attacks that the adversary could infer whether a given data record belongs to the model's training set. Although the state-of-the-art techniques could successfully deduce the membership information from the centralized machine learning models, it is still challenging to infer the member data at a more confined level, the user level. It is exciting that the common wireless monitor technique in the wireless network environment just provides a good ground for fine-grained membership inference. In this paper, we novelly propose and define a concept of user-level inference attack in federated learning. Specifically, we first give a comprehensive analysis of active and targeted membership inference attacks in the context of federated learning. Then, by considering a more complicated scenario that the adversary can only passively observe the updating models from different iterations, we incorporate the generative adversarial networks into our method, which can enrich the training set for the final membership inference model. In the end, we comprehensively research and implement inferences launched by adversaries of different roles, which makes the attack scenario complete and realistic. The extensive experimental results demonstrate the effectiveness of our proposed attacking approach in the case of single label and multilabel.


This work was supported in part by the National Key Research and Development Program of China under Grant 2019YFB2102000, in part by the National Natural Science Foundation of China under Grant 62172215, and in part by the Natural Science Foundation of Jiangsu Province (No. BK20200067).


Publication Date



Wireless Communications and Mobile Computing



Article Number








Rights Statement

The Author reserves all moral rights over the deposited text and must be credited if any re-use occurs. Documents deposited in OPAL are the Open Access versions of outputs published elsewhere. Changes resulting from the publishing process may therefore not be reflected in this document. The final published version may be obtained via the publisher’s DOI. Please note that additional copyright and access restrictions may apply to the published version.

Usage metrics